Application No. 10/71 1,731 Docket No. CTX-123 

AMENDMENTS TO THE CLAIMS 

Upon entry of this amendment, the following listing of claims will replace all prior 
versions and listings of claims in the pending application. 

IN THE CLAIMS 

Please amend claims 1, 9, 10, 18, 19, 25, 26, 28-30, 42, 43 and 47 as follows: 

1 . (Currently Amended) A method for providing a user with authorized remote access to one of 

one or more application sessions disconnected from one or more client nodes previously 

operated by the user , the method comprising: 

(a) requesting, by a client node operated by a user , access to a resource provided by an 
application session ; 

(b) gathering, by a collection agent, information about the client node in response to the 
request to access the resource ; 

(c) receiving, by a policy engine, the gathered information; 

(d) making, by a policy engine, an access control decision for the resource based on 
application of a policy to the received information; 

(e) identifyin g, based on the access control decision, one or more an application sessions to 
which the client node is permitted to connect, the application session from one or more 
application sessions already associated with the use r and disconnected from one or more 
client nodes previously operated by the use r in response to the received information ; and 

(f) establishing, by a session server, a connection between a-the client node computer 
operated by the user and the one or more identified application sessions identified in 
response to the received informatio n identification . 
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2. (Original) The method of claim 1 wherein step (a) further comprises requesting the resource 

over a network connection. 

3. (Original) The method of claim 1 wherein step (b) further comprises gathering the information 

over a network connection. 

4. (Original) The method of claim 1 wherein step (b) further comprises gathering information by 

executing at least one script on the client node. 

5. (Original) The method of claim 1 wherein step (d) further comprises determining if the 

received information satisfies a condition. 

6. (Original) The method of claim 5 further comprising determining if the received information 

satisfies a condition by comparing the received information to at least one condition. 

7. (Original) The method of claim 6 wherein step (d) further comprises making an access control 

decision by applying a policy to the condition. 

8. (Original) The method of claim 1 wherein a first one of the application sessions is running on 

a first server and a second one of the application sessions is running on a second server. 

9. (Currently Amended) The method of claim 1 wherein the step of establishing, by the session 

server, a connection between the client node and the one or more application sessions is 
subject to a rule permitting the client computer operated by the user node to connect to the 
one or more application sessions. 

10. (Currently Amended) The method of claim 1 wherein the connection between the user client 
node and the one or more application sessions is triggered by the selection of a single user 
interface element. 
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1 1 . (Original) The method of claim 1 further comprising the step of receiving, by a session server, 
a disconnect request to disconnect a first application session associated with the user and a 
second application session associated with the user; 

and disconnecting, by the session server, the first and second application sessions. 

12. (Original) The method of claim 1 1 further comprising updating, by the session server, at least 
one data record associated with the first and second application sessions to indicate that the 
first and second application sessions are disconnected. 

13. (Previously Presented) The method of claim 12 further comprising the step of continuing, by 
the session server, execution of one or more applications for at least one of the disconnected 
application sessions. 

14. - 17. (Canceled) 

18. (Currently Amended) The method of claim 1 wherein the one or more application sessions 
was connected to a first client computer node prior to connection and, after connection, the 
one or more application sessions is reconnected to the first client compute r node . 

19. (Currently Amended) The method of claim 1 wherein the one or more application sessions 
was associated with a first client computer node p rior to establishing the connection and, 
after establishing the connection, the one or more application sessions is connected to a 
second client compute r node . 

20. (Original) The method of claim 1 wherein at least one application session is disconnected. 

21. (Original) The method of claim 1 wherein at least one application session is active. 

22. (Original) The method of claim 1 wherein the identifying one or more applications sessions 
is automatic upon receipt of authentication information. 



4419386vl 



-4 - 



Application No. 10/71 1,731 Docket No. CTX-123 

23. (Original) The method of claim 1 further comprising the step of providing for receiving 
application output from a one or more previously disconnected application sessions 
associated with the user in response to the received information. 

24. (Original) The method of claim 23 further comprising disconnecting at least one active 
application session associated with the user in response to the received information. 

25. (Currently Amended) The method of claim 23 wherein the one or more active application 
sessions is initially connected to a first client computer node and, upon requesting access to 
the resource, the user is operating a second client compute r node . 

26. (Currently Amended) The method of claim 23, wherein the receipt of application output from 
the one or more active application sessions is subject to a rule permitting the user to have a 
client node comput e r operated by the user to connect to the one or more active application 
sessions. 

27. (Original) The method of claim 23 wherein the receipt of application output from the one or 
more active application sessions and the receipt of application output from the one or more 
disconnected application sessions are triggered by the selection of a single user interface 
element. 

28. (Currently Amended) The method of claim 23 wherein the one or more disconnected 
application sessions was connected to a first client computer node p rior to disconnection and, 
at connection, the one or more disconnected application session is reconnected to the first 
client compute r node . 

29. (Currently Amended) The method of claim 23 wherein the one or more disconnected 
application sessions was connected to a first client computer node p rior to disconnection and, 
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at connection, the one or more disconnected application session is connected to a second 
client compute r node . 

30. (Currently Amended) A system for providing a user with authorized remote access to an -one 
of one or more application sessio ns disconnected from one or more client nodes previously 
operated by the user , the policy engine system comprising: 

a collection agent gathering information about the-a_client node operated by a user, 
the client node requesting access to a resource provided by an application session ; 

a policy engine receiving the gathered information, making an access control 
decision for the resource based on the received information application of a policy to the 
received information , and requesting initiating, based on the access control decision, an 
enumeration identification of an application session to which the client node is permitted to 
connect, the application session from one or more application sessions already associated 
with the user and disconnected from one or more client nodes previously operated by the user 
client node, the request including the access control decision; and 

a session server generating an enumeration of one or more establishing a 
connection between the client node and the identified application sessio n in response to the 
identifications associated with the client node responsive to the access control decision . 

31. (Original) The system of claim 30 wherein the collection agent executes on the client node. 

32. (Original) The system of claim 30 wherein the policy engine transmits the collection agent to 
the client node. 

33. (Original) The system of claim 30 wherein the policy engine transmits instructions to the 
collection agent determining the type of information the collection agent gathers. 

34. (Canceled) 
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35. (Original) The system of claim 30 wherein a first one of the application sessions is running 
on a first server and a second one of the application sessions is running on a second server. 

36. (Original) The system of claim 30 wherein the session server connects the client node to the 
one or more application sessions. 

37. (Original) The system of claim 36 wherein the connection of the client node to the one or 
more application sessions, is triggered by selection of a single user interface element. 

38. (Original) The system of claim 36 wherein the session server is also configured to receive a 
disconnect request to disconnect the first application session associated with the user and the 
second application session associated with the user and disconnect the first and second 
application sessions in response to the request. 

39. (Original) The system of claim 38 wherein the session server is further configured to update 
at least one data record associated with each of the first and second application sessions to 
indicate that the first and second application sessions are disconnected. 

40. (Cancelled) 

41. (Original) The system of claim 30 wherein the policy engine further comprises stored data 
associated with one or more servers executing application sessions. 

42. (Currently Amended) The system of claim 30 wherein the one or more application sessions 
was connected to a first client computer node prior to connection and, after connection, the 
one or more application sessions is reconnected to the first client compute r node . 

43. (Currently Amended) The system of claim 30 wherein the one or more application sessions 
was associated with a first client computer n ode p rior to connection and, after connection, the 
one or more application sessions is connected to a second client computer node . 
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44. (Original) The system of claim 30 wherein at least one of the one or more application 
sessions is disconnected. 

45. (Original) The system of claim 30 wherein at least one of the one or more application 
sessions is active. 

46. (Previously Presented) The method of claim 1 wherein step (b) further comprises gathering 
one or more of the following information about the client node: a machine identification (ID) 
of the client node, type of an operating system, existence of a patch to the operating system, a 
Media Access Control (MAC) address of a network card, a digital watermark on the client 
node, a membership in an Active Directory, an existence of a virus scanner, an existence of a 
personal firewall, an HTTP header, a browser type, a device type, network connection 
information, and authorization credentials. 

47. (Currently Amended) The method of claim 1 wherein step (f) further comprises establishing 
the connection between the client computer n ode and the one or more application sessions 
responsive to the policy engine making the access control decision. 
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